Changing Jupyter service to ClusterIP by default. (kubeflow#139)

* Changing default Service type for Jupyterhub to Cluster IP * Exposing services publicly is a security risk so we want to avoid recommending that since people may not understand the implications * Updated documentation to reflect ClusterIP change for Jupyter.
jlewi · Jan 25, 2018 · fed20a1 · fed20a1
1 parent 8aaa393
commit fed20a1
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 12 deletions.
diff --git a/kubeflow/core/jupyterhub.libsonnet b/kubeflow/core/jupyterhub.libsonnet
@@ -186,7 +186,7 @@ c.KubeSpawner.pvc_name_template = 'claim-{username}{servername}'
 	  }
    },
 
-   jupyterHubLoadBalancer: {
+   jupyterHubLoadBalancer(serviceType): {
 	  "apiVersion": "v1", 
 	  "kind": "Service", 
 	  "metadata": {
@@ -207,7 +207,7 @@ c.KubeSpawner.pvc_name_template = 'claim-{username}{servername}'
 	    "selector": {
 	      "app": "tf-hub"
 	    }, 
-	    "type": "LoadBalancer"
+	    "type": serviceType
 	  }
 	},
 
@@ -318,4 +318,4 @@ c.KubeSpawner.pvc_name_template = 'claim-{username}{servername}'
 	  ]
 	},
   }, // parts
-}
+}
diff --git a/kubeflow/core/prototypes/all.jsonnet b/kubeflow/core/prototypes/all.jsonnet
@@ -9,6 +9,7 @@
 // @optionalParam tfJobImage string gcr.io/tf-on-k8s-dogfood/tf_operator:v20180117-04425d9-dirty-e3b0c44 The image for the TfJob controller.
 // @optionalParam tfDefaultImage string null The default image to use for TensorFlow.
 // @optionalParam tfJobUiServiceType string ClusterIP The service type for the UI.
+// @optionalParam jupyterHubServiceType string ClusterIP The service type for Jupyterhub.
 
 // TODO(https://github.com/ksonnet/ksonnet/issues/222): We have to add namespace as an explicit parameter
 // because ksonnet doesn't support inheriting it from the environment yet.
@@ -38,6 +39,7 @@ local jupyterConfigMap = if std.length(diskNames) == 0 then
 local tfJobImage = import 'param://tfJobImage';
 local tfDefaultImage = import 'param://tfDefaultImage';
 local tfJobUiServiceType = import 'param://tfJobUiServiceType';
+local jupyterHubServiceType = import 'param://jupyterHubServiceType';
 
 // Create a list of the resources needed for a particular disk
 local diskToList = function(diskName) [
@@ -61,7 +63,7 @@ std.prune(k.core.v1.list.new([
 	// jupyterHub components
 	jupyterConfigMap,
     jupyter.parts(namespace).jupyterHubService, 
-    jupyter.parts(namespace).jupyterHubLoadBalancer,
+    jupyter.parts(namespace).jupyterHubLoadBalancer(jupyterHubServiceType),
     jupyter.parts(namespace).jupyterHub(jupyterHubImage),
     jupyter.parts(namespace).jupyterHubRole,
     jupyter.parts(namespace).jupyterHubServiceAccount,

diff --git a/user_guide.md b/user_guide.md
@@ -1,6 +1,6 @@
 # Using Kubeflow
 
-This guide will walk you through the basics of deploying and interacting with Kubeflow. A basic understanding of Kubernetes, Tensorflow, and Ksonnet are useful in understanding the contents of this guide.
+This guide will walk you through the basics of deploying and interacting with Kubeflow. Some understanding of Kubernetes, Tensorflow, and Ksonnet are useful in completing the contents of this guide.
 
 * [Kubernetes](https://kubernetes.io/docs/tutorials/kubernetes-basics/)
 * [Tensorflow](https://www.tensorflow.org/get_started/)
@@ -86,21 +86,22 @@ kubectl get svc -n=${NAMESPACE}
 
 NAME               TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
 tf-hub-0           ClusterIP      None            <none>        8000/TCP       1m
-tf-hub-lb          LoadBalancer   10.11.245.94   xx.yy.zz.ww   80:32481/TCP   1m
+tf-hub-lb          ClusterIP      10.11.245.94    <none>        80/TCP         1m
 tf-job-dashboard   ClusterIP      10.11.240.151   <none>        80/TCP         1m
 ```
 
-If you're using minikube, you can run the following to get the URL for the notebook.
+By default we are using ClusterIPs for the JupyterHub UI. This can be changed to a LoadBalancer by issuing `ks param set kubeflow-core jupyterHubServiceType LoadBalancer`, however this will leave your Notebook open to the Internet.
 
-```
-minikube service tf-hub-lb --url
+To connect to your notebook:
 
-http://xx.yy.zz.ww:31942
+```
+PODNAME=`kubectl get pods --selector="app=tf-hub" --output=template --template="{{with index .items 0}}{{.metadata.name}}{{end}}"`
+kubectl port-forward $PODNAME 8000:8000
 ``` 
 
-For some cloud deployments, the LoadBalancer service may take up to five minutes display an external IP address. Re-executing `kubectl get svc` repeatedly will eventually show the external IP field populated.
+Then open [http://127.0.0.1:8000](http://127.0.0.1:8000) in your browser.
 
-Once you have an external IP, you can proceed to visit that in your browser. You should see a sign in prompt.
+You should see a sign in prompt.
 
 1. Sign in using any username/password
 1. Click the "Start My Server" button, you will be greeted by a dialog screen.